Cisco IronPort Vulnerability
Advisory ID: cisco-sa-20120126-ironport
Cisco IronPort Email Security and IronPort Security Management Appliances contain a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code with elevated privileges. Fixed software versions or patches are not yet available. Configuration workarounds that mitigate this vulnerability are available.
Cisco IronPort Email Security Appliance (C-Series and X-Series) versions prior to 7.6.0 and IronPort Security Management Appliance (M-Series) versions prior to 7.8.0 are affected by the FreeBSD telnetd remote code execution vulnerability documented by Common Vulnerabilities and Exposures (CVE) identifier CVE-2011-4862. This one scores a 19 out of 20 on the CVSS score (BASE & TEMPORAL), so you may want to exercise the workaround on this one.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120126-ironport
Symantec Recommends Not Using PcAnywhere
Reuters reports that Symantec has taken the rare step of advising customers not to use one of its mainstay products, saying that remote control software product pcAnywhere is at increased risk of getting hacked after details and code were stolen. Symantec is asking customers to temporarily stop using the product, until it releases an update to the software that will mitigate the risk of an attack. PcAnywhere is also bundled with other titles, like Symantec’s Altiris line of software for managing corporate PCs.
This is a serious step, and I applaud Symantec for coming clean on the risks of this powerful and popular product. Most vendors woould simply warn users of increased risk and provide workaround and mitigation steps that may or may not be implementable or effective. I hope that Symantec can release new code quickly, and overcome this unfortunate problem.
